Security News

Safe Connections Act aims to end digital stalking

Avast Security News Team, 12 February 2021

Plus, romance fraud surges and a ransomware attack targets the makers of Cyberpunk 2077

A bipartisan group of U.S. senators introduced the Safe Connections Act last week, a bill that, if passed into law, would help victims of domestic abuse by giving them a free and covert way of extricating themselves from shared phone plans and moving onto a new method of communication through which their abusers could neither stalk nor spy on them.

Shared phone plans give abusers the tools to monitor their partners’ phone calls, texts, and even physical locations. According to CyberScoop, the Safe Connections Act has gained widespread support among digital rights activists including Access Now, RAINN, and the National Network to End Domestic Violence (NNEDV). “The best help that can be given to victims of abuse is to ease the process of getting away from the abuser as soon as possible,” commented Avast Security Evangelist Luis Corrons. He added, “If this law is passed, it will undoubtedly help this process.” 

Shared phone plans are only one way abusers can track their victims. Other apps, known as stalkerware, also provide tools that can be used for digital surveillance. Usually, the stalkerware aspect of these apps is a side function or by-product of the app’s intended purpose and therefore somewhat hidden. Learn how to spot the signs of stalkerware on your own phone, how to prevent it, and how to remove it with tips from our CISO and security team.  

Romance fraud surges during pandemic lockdowns

According to a report from BBC News, U.K. users lost a collective £68m in bank transfer frauds related to romance scams in 2020, a 20% increase from the previous year. The romance scams led to more financial loss throughout the year than both online shopping scams and auction scams combined. Experts point to lockdowns from the pandemic as the reason more people have been searching online for love, which in turn has led to more predators and scammers posing as possible romantic candidates. As Valentine’s Day approaches, users are advised to remain aware of this trend and never to send money or financial information to anybody they only know online.

Ransomware targets game developer CD Projekt Red 

Warsaw-based CD Projekt Red (CDPR), the game studio behind Cyberpunk 2077, Gwent, and The Witcher series, announced that it has become the victim of a targeted ransomware attack. The company shared the ransom note in a Twitter post, wherein the attacker claims to have stolen the source code to the studio’s biggest games, in addition to other documents “relating to accounting, administration, legal, HR, investors relations, and more.” In CDPR’s statement, also included in the tweet, the studio states that “to the best of our knowledge, the compromised systems did not contain any personal data of our players or users of our services.” The company also made it clear that they will not be paying the ransom nor negotiating with the attackers. Read more at Ars Technica

223M Brazilians exposed in data leak

The Brazilian Institute for Consumer Protection (IDEC), a consumer rights watchdog group, is urging the Brazilian federal government to take immediate action in order to mitigate the damage done by a massive data leak that exposed the personal details of 223 million citizens. Cybersecurity firm Psafe discovered the data base – which includes names, addresses, vehicle data, financial information, and credit information – being sold on the dark web. According to ZDNet, the incident is considered to be Brazil’s most significant data leak on record. The IDEC is demanding the government take more effective measures to prevent such an occurrence in the future by pulling together concerted cooperation from various agencies such as National Data Protection Authority, the Public Prosecutor’s Office, and the National Congress.

Raspberry Pi update brings Microsoft pings

The latest update to Raspberry Pi OS installs a protocol that pings a Microsoft server each time a user updates the OS, and the move troubles some Raspberry Pi users with privacy concerns. The Raspberry Pi Foundation, which developed the low-cost, single-board computers, has recently endorsed Microsoft’s Visual Studio Code editor. Raspberry Pi Director of Software Engineering Gordon Hollingworth said that adding a Microsoft repository to the new OS is intended to make “the first experience for people who do want to use tools such as VSCode easier.” One privacy advocate argued in a Reddit post that the new protocol now identifies users as Raspberry Pi owners, which then can “influence ads, among other possibilities.” Learn more at PC Mag

This week’s ‘must-read’ on The Avast Blog

Scammers are seeking to manipulate the review system to trick even the most educated consumers. In a real-life cautionary tale, we guide you through the underworld of an SEO moving scam